{"id":27976504,"url":"https://github.com/misp/misp-sighting-server","last_synced_at":"2025-09-06T05:38:07.571Z","repository":{"id":142313556,"uuid":"115883706","full_name":"MISP/misp-sighting-server","owner":"MISP","description":"MISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a space efficient way.","archived":false,"fork":false,"pushed_at":"2023-12-24T09:37:29.000Z","size":16,"stargazers_count":15,"open_issues_count":2,"forks_count":4,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-05-08T01:34:24.927Z","etag":null,"topics":["cti","information-security","misp","sighting","sightings","threat-intelligence"],"latest_commit_sha":null,"homepage":"https://misp.github.io/misp-sighting-server/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/MISP.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-12-31T20:22:15.000Z","updated_at":"2024-05-31T03:12:04.000Z","dependencies_parsed_at":null,"dependency_job_id":"7c1fb089-0450-4945-a3fb-b098fc49b7b1","html_url":"https://github.com/MISP/misp-sighting-server","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/MISP/misp-sighting-server","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-sighting-server","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-sighting-server/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-sighting-server/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-sighting-server/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/MISP","download_url":"https://codeload.github.com/MISP/misp-sighting-server/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/MISP%2Fmisp-sighting-server/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273859911,"owners_count":25181013,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-06T02:00:13.247Z","response_time":2576,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cti","information-security","misp","sighting","sightings","threat-intelligence"],"created_at":"2025-05-08T01:27:28.737Z","updated_at":"2025-09-06T05:38:07.527Z","avatar_url":"https://github.com/MISP.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# misp-sighting-server\n\nMISP sighting server is a fast sighting server to store and look-up sightings on attributes (network indicators, file hashes, system indicators) in a\nspace efficient way.\n\n## Features\n\n- Simple ReST API to get or set sighting\n- TODO - fast DNS server to allow lookup of sighting via DNS queries\n- TODO - fast import of sighting via pub-sub channel like ZMQ\n\n## Back-end database\n\nMISP sighting server rely on [kvrocks](https://github.com/apache/incubator-kvrocks/) using [RocksDB](https://github.com/facebook/rocksdb) at the current stage. \n\nThe back-end database might change following the evolution of the requirements or capabilities but the objective is to keep a compatibility layer to ensure use of the sighting database have the same\nAPI on the long-term.\n\n# Install\n\n~~~\ngit submodule init\ngit submodule update\ncd back-end/kvrocks\n./x.py build\ncd ../..\npip3 install -r REQUIREMENTS\n~~~\n\n# Starting the servers\n\n## Starting the back-end\n\n~~~\ncd back-end/kvrocks\n./build/kvrocks -c kvrocks.conf\u0026\n~~~\n\n## Starting the ReST API server\n\n~~~\ncd cfg\ncp server.cfg.sample server.cfg\ncd ..\ncd ./bin/\npython3 sighting-server.py\n~~~\n\n# Testing\n\n## Add a sighting\n\n|field|description|\n|:---|:---|\n|`value`|Value of the sighting or UUID reference to the sighting|\n|`type`|Type of sighting (default is `0`)|\n|`org_uuid`|UUID of the organisation recording the sighting|\n\n~~~\ncurl --header 'X-API-Key: afdef83f9cc7c87b801c36e4af632ef06af2f2ef' -X PUT  http://127.0.0.1:5000/add -d \"value=127.0.0.1\u0026type=0\u0026org_uuid=0acdaad8-b305-482f-a904-78330640636b\"  -d \"source=honeypot\"\n~~~\n\n## Get the sighting of a value\n\n~~~\ncurl -X GET http://127.0.0.1:5000/get -d \"value=127.0.0.1\"\n{\n    \"1676925347\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925348\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925349\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925350\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925351\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925352\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925353\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925354\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925355\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925356\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925358\": \"honeypot:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925618\": \"blackhole:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925619\": \"blackhole:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925623\": \"siem:0:0acdaad8-b305-482f-a904-78330640636b\",\n    \"1676925627\": \"edr_234:0:0acdaad8-b305-482f-a904-78330640636b\"\n}\n~~~\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmisp%2Fmisp-sighting-server","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmisp%2Fmisp-sighting-server","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmisp%2Fmisp-sighting-server/lists"}